Closed Bug 1429542 Opened 6 years ago Closed 6 years ago

Crash in mozilla::net::HttpChannelChild::Cancel

Categories

(Core :: Networking: HTTP, defect)

Unspecified
Windows 10
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla59
Tracking Status
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 --- fixed
firefox59 --- fixed

People

(Reporter: marcia, Assigned: bkelly)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is
report bp-b1b3aba6-d058-4a3c-97b5-05ae10180110.
=============================================================

Seen while looking at nightly crash data: http://bit.ly/2CQ5EwO and seem to date back at least to 12-25 (crashes prior to 12-24 have been deleted)

URLs show up, and are mostly from the same sky.com site: https://news.sky.com/video/would-a-latte-levy-reduce-waste-11196296 

Top 10 frames of crashing thread:

0 xul.dll mozilla::net::HttpChannelChild::Cancel netwerk/protocol/http/HttpChannelChild.cpp:2285
1 xul.dll mozilla::net::HttpChannelChild::OverrideRunnable::Run netwerk/protocol/http/HttpChannelChild.cpp:1503
2 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1040
3 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:97
4 xul.dll mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:301
5 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:319
6 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:299
7 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:157
8 xul.dll nsAppShell::Run widget/windows/nsAppShell.cpp:344
9 xul.dll XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:877

=============================================================
Pretty sure I introduced this in bug 1204254.  Probably just needs a nullptr check.
Assignee: nobody → bkelly
Blocks: 1204254
Status: NEW → ASSIGNED
Andrew, given that other code does nullptr checks for mNewChannel I think its clear this code should be doing it as well.  I think I introduced this in bug 1204254.
Attachment #8941557 - Flags: review?(bugmail)
Comment on attachment 8941557 [details] [diff] [review]
Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth

Review of attachment 8941557 [details] [diff] [review]:
-----------------------------------------------------------------

Does this want to get on the uplift bandwagon?
Attachment #8941557 - Flags: review?(bugmail) → review+
Yea, I'll request uplift after the tree opens and I can push to inbound at least.
Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1ce7be8b2a72
Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth
Comment on attachment 8941557 [details] [diff] [review]
Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth

Approval Request Comment
[Feature/Bug causing the regression]: Bug 1204254 
[User impact if declined]: Low frequency crashes
[Is this code covered by automated tests?]: I don't have exact steps to reproduce, so I do not have a test that specifically triggers this.
[Has the fix been verified in Nightly?]:  Its been pushed to inbound, but is not in nightly yet.
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: Minimal risk
[Why is the change risky/not risky?]: This patch simply adds a nullptr check.
[String changes made/needed]: None
Attachment #8941557 - Flags: approval-mozilla-beta?
Comment on attachment 8941557 [details] [diff] [review]
Make HttpChannelChild::OverrideRunnable check for nullptr before using mNewChannel. r=asuth

A simple fix for crash. Beta58+.
Attachment #8941557 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
https://hg.mozilla.org/mozilla-central/rev/1ce7be8b2a72
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in before you can comment on or make changes to this bug.